Unauthorized Remote Reboot and Function Execution in MusicCenter / Trivum Multiroom Setup Tool V8.76
CVE-2018-13858 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
Learn more about our Web Application Penetration Testing UK.